CNNVD-202512-3945 Information
CNNVD ID
CNNVD-202512-3945
Related CVE
- CNNVD Published: 2025-12-22
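Description (translated from Chinese)
youlai-boot is an open-source permission management system from youlaiorg in China. youlai-boot V2.21.1 contains a security vulnerability: the getRoleForm function in SysRoleController.java performs no permission check, which may allow non-root users to directly access the root role.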
Description (English)
youlai-boot is an open-source permission management system developed by youlaiorg in China. youlai-boot V2.21.1 has a security vulnerability: the getRoleForm function in SysRoleController.java does not perform a permission check, which may allow non-root users to directly access the root role.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
youlaiorg
Published
2025-12-22
Last Modified
2026-02-24
References
https://gitee.com/youlaiorg/youlai-boot/commit/9197065102f92264ded814a9d3e9f2a4ff0da121
https://gist.github.com/old6ma/dc9e6e4a693d12c1a35fd4e1d21d4743
https://gitee.com/youlaiorg/youlai-boot/issues/ICH8FR
https://access.redhat.com/security/cve/cve-2025-66735
Patch
https://gitee.com/youlaiorg/youlai-boot/releases